Skip to main content
Glama
enesjakozh

Shodan-MCP-Server

by X3r0K
GitHub
JavaScript
OverviewInspectNewSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Shodan MCP Server

A Model Context Protocol (MCP) server that provides access to Shodan's internet scanning capabilities through a standardized interface.

Overview

This server implements the Model Context Protocol to expose Shodan's powerful internet scanning and reconnaissance capabilities. It provides a standardized interface for querying Shodan's database of internet-connected devices, services, and vulnerabilities.

Features

  • Search Capabilities: Query Shodan's database using advanced search filters
  • DNS Lookup: Resolve domain names and get detailed DNS information
  • CVE Information: Get detailed information about Common Vulnerabilities and Exposures
  • Get Vulnerabilities: Get detailed infor Vulnerabilities related to an IP address
  • Standardized Interface: Uses MCP protocol for consistent communication
  • Environment Variable Support: Secure API key management through environment variables

Prerequisites

  • Node.js (v14 or higher)
  • npm (v6 or higher)
  • Shodan API key

Installation

  1. Clone the repository:
    git clone https://github.com/X3r0K/Shodan-MCP-Server-Inspector.git cd shodan-mcp-server-Inspector
  2. Install dependencies:
    npm install
  3. Create a .env.local file in the root directory and add your Shodan API key:
    SHODAN_API_KEY=your_api_key_here

Usage

Starting the Server

  1. Build the server:
    npm run build
  2. Start the server:
    node build/index.js

Available Tools

  1. Search Tool
    • Query: Search for devices and services using Shodan's search syntax
    • Example: log4j country:US city:Atlanta
    • Returns: List of matching devices with detailed information
  2. DNS Lookup Tool
    • Query: Domain name to resolve
    • Example: example.com
    • Returns: DNS records and related information
  3. CVE Info Tool
    • Query: CVE identifier
    • Example: CVE-2021-44228
    • Returns: Detailed vulnerability information

Example Queries

// Search for Log4j vulnerable systems in the US { "query": "log4j country:US" } // DNS lookup for a domain { "query": "example.com" } // Get CVE information { "query": "CVE-2021-44228" }

Using the MCP Inspector

image

You can use the MCP inspector to interact with the server directly:

  1. Install the MCP inspector:
npm install -g @modelcontextprotocol/inspector
  1. Run the inspector with your server:
npx @modelcontextprotocol/inspector build/index.js

The inspector provides an interactive interface to:

  • Test all available tools
  • View tool documentation
  • Debug server responses
  • Monitor server status

Environment Variables

  • SHODAN_API_KEY: Your Shodan API key (required)
  • PORT: Server port (optional, defaults to 3000)
  • LOG_LEVEL: Logging level (optional, defaults to 'info')

Error Handling

The server implements comprehensive error handling for:

  • Invalid API keys
  • Rate limiting
  • Network issues
  • Invalid queries
  • Server errors

Security Considerations

  1. API Key Protection:
    • Never commit API keys to version control
    • Use environment variables for sensitive data
    • Rotate API keys regularly
  2. Rate Limiting:
    • Respect Shodan's API rate limits
    • Implement client-side rate limiting
  3. Data Privacy:
    • Filter sensitive information from responses
    • Implement access controls as needed

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

  • Shodan for providing the API
  • Model Context Protocol team for the MCP specification

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

This is a Model Context Protocol (MCP) server that provides access to the Shodan API. It allows you to programmatically query Shodan for information about devices, vulnerabilities, and more.

  1. Overview
    1. Features
      1. Prerequisites
        1. Installation
          1. Usage
            1. Starting the Server
            2. Available Tools
            3. Example Queries
            4. Using the MCP Inspector
          2. Environment Variables
            1. Error Handling
              1. Security Considerations
                1. License
                  1. Acknowledgments

                    Related MCP Servers

                    • mcp-shodan

                      BurtTheCoder
                      -
                      security
                      A
                      license
                      -
                      quality
                      MCP server for querying the Shodan API and Shodan CVEDB. This server provides tools for IP lookups, device searches, DNS lookups, vulnerability queries, CPE lookups, and more.
                      Last updated -
                      7
                      663
                      18
                      JavaScript
                      MIT License
                      • Apple

                    • mcp-hn

                      erithwik
                      A
                      security
                      A
                      license
                      A
                      quality
                      A Model Context Protocol (MCP) server that provides tools for searching and fetching information from Hacker News.
                      Last updated -
                      4
                      6
                      Python
                      MIT License
                      • Apple

                    • ADEO CTI MCP Server

                      ADEOSec
                      -
                      security
                      F
                      license
                      -
                      quality
                      A Model Context Protocol server that provides access to Shodan and VirusTotal APIs for cybersecurity analysis, enabling analysts to perform network intelligence operations including host lookups, vulnerability analysis, and threat intelligence gathering.
                      Last updated -
                      1
                      TypeScript

                    • Shodan MCP Server

                      Cyreslab-AI
                      A
                      security
                      A
                      license
                      A
                      quality
                      Provides access to Shodan API functionality, enabling AI assistants to query information about internet-connected devices for cybersecurity research and threat intelligence.
                      Last updated -
                      23
                      13
                      JavaScript
                      MIT License
                      • Linux
                      • Apple

                    View all related MCP servers

                    Appeared in Searches

                    New MCP Servers

                    MCP directory API

                    We provide all the information about MCP servers via our MCP API.

                    curl -X GET 'https://glama.ai/api/mcp/v1/servers/X3r0K/Shodan-MCP-Server-Inspector'

                    If you have feedback or need assistance with the MCP directory API, please join our Discord server